


Product: Book - Paperback
Title: Microsoft Visual Basic 6.0 Professional Step-By-Step.
Publisher: Microsoft Press
Authors: Michael Halvorson
Rating: 2/5
Customer opinion - 2 stars out of 5
Very very basic, it doesn't go into depth on anything


On the positive side: The book is oriented towards beginners, and does not assume prior programming knowledge (but does assume that you know your way around Windows). The lessons are fairly clear, and the author provides plenty of coding examples on the CD.
On the negative side: Although Halvorson uses standard naming conventions for objects (with three-character prefixes), he does not use the current standard naming conventions for variables. Instead, he uses the old-fashioned BASIC conventions, so a string variable is named Message$ instead of strMessage. (Microsoft recommends against this practice). And as the reviewer from Nashua pointed out, Halvorson doesn't assign types to his string and integer variables, instead leaving them as the default variant type (a bit sloppy, won't really affect small programs or databases but could be a time/space-waster in large-scale projects).
If it weren't for the less-than-ideal programming practices Halvorson uses in his lessons, I'd recommend this book with more enthusiasm. For absolute beginners, it might be better to start with Smiley's intro to VB, and then go through Halvorson's (while correcting the naming conventions and variable types in the exercises!) for more detail. Bear in mind that both are learning books rather than reference books; you'll need to pick up something like "VB and VBA in a Nutshell" (from everyone's favorite geek publisher O'Reilly & Associates) to have at hand while doing more advanced stuff.



Product: Book - Paperback
Title: Gray Hat Hacking : The Ethical Hacker's Handbook
Publisher: McGraw-Hill Osborne Media
Authors: Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Michael Lester
Rating: 4/5
Customer opinion - 4 stars out of 5
Powerhouse authors should provide deeper coverage next time


'Gray Hat Hacking' (GHH) is positioned as a next-generation book for so-called ethical hackers, moving beyond the tool-centric discussions of books like 'Hacking Exposed.' The authors leave their definition of 'gray hat' unresolved until ch 3, where they claim that a 'white hat' is a person who 'uncovers a vulnerability and exploits it with authorization;' a 'black hat' is one who 'uncovers a vulnerability and illegally exploits it and/or tells others how to;' and a 'gray hat' is one who 'uncovers a vulnerability, does not illegally exploit it or tell others how to do it, but works with the vendor.' I disagree and prefer SearchSecurity.com's definitions, where white hats find vulnerabilities and tell vendors without providing public exploit code; black hats find vulnerabilities, code exploits, and maliciously attack victims; and gray hats find vulnerabilities, publish exploits, but do not illegally use them. According to these more common definitions, the book should have been called 'White Hat Hacking.' I doubt it would sell as well with that title!

Content-wise, the book mixes ethical and legal advice with tool overviews and technical information. Many reviewers note the good legal overview in ch 3, where I found the tables summarizing various laws to be helpful. The authors provide a sound rationale for penetration testing: 'Nothing should be trusted until it is tested' (p. 13). I enjoyed the disclosure discussion in ch 3 as well. I liked the brief tool descriptions of Core IMPACT, Immunity Security's CANVAS, and the Metasploit Framework. Some of the other discussions (e.g., Amap, P0f, Ettercap) didn't go deeper than already published explanations of those same tools.

I found the technical material to be accurate albeit somewhat disorganized and in some cases far too shallow. For example, the authors provide 6 pages on Python (ch 6), 6 pages on C (ch 7), and a single 21 page chapter (ch 10) mentioning system calls, socket programming, and assembly language. On p 279 and several other places the authors admit their topic 'deserves a chapter to itself, if not an entire book!' They should have trusted their instincts and required readers to have prior knowledge of programming in low- and high-level languages prior to reading GHH. Instead, short sections that are too basic for the pros but too rushed for beginners detract from the book's focus.

The five authors clearly know their subjects, but they should have coordinated their chapters better. For example, ch 7 introduces using debuggers without even a description of their purpose. Six chapters later (in ch 13), we read a description of debugging only to be followed again by another discussion of debugging in ch 14. All of this should have been consolidated and rationalized.

I think McGraw-Hill/Osborne's second edition of GHH should seek to differentiate itself from more focused books like 'The Shellcoder's Handbook' (by Wiley) and 'Exploiting Software' (by Addison-Wesley). There is a market for high-end security books without sparse introductory material included for the benefit of beginners. Authors should either commit to the beginners and give enough information to enlighten them, or tell them to read foundational references first and concentrate on the more experienced audience. Authors like Allen Harper and Chris Eagle, winners of last year's 'Capture the Flag' contest at Def Con, can deliver the goods if not constrained by a publisher's desire to address as broad an audience as possible. I would not be surprised to see this book greatly expanded in a second edition, which I look forward to reading.



Product: Book - Paperback
Title: QED: The Strange Theory of Light and Matter
Publisher: Princeton University Press
Authors: Richard Phillips Feynman
Rating: 5/5
Customer opinion - 5 stars out of 5
Elementary exposition, NOT popular science


Here's a book that shows, clearly, that explaining science to a lay audience is something altogether different from "popular science". This book will not teach you buzzwords and catchphrases with which to impress your next non-physicist audience. It will not help you wow the crowds with your knowledge of "philosophical" issues of science.
What this book will do for you is give you a fascinating, lucid and yet elementary introduction to the theory of Quantum Electrodynamics (QED), as told by one of the Nobel laureates whose mind it sprang from. It amazes me how much ground Feynman managed to cover in just four lectures, without assuming ANY foreknowledge of higher mathematics or physics (not even complex numbers, which are central to QED).
Every scientist who deems his work too esoteric to be digested by laymen should be made to read this. Everyone else: get this book and be prepared to learn some amazing and intuition-confounding facts about physics.
[For the record: I'm a mathematician and computer scientist, not a physicist.]



Product: Book - Hardcover
Title: Structured Computer Organization (4th Edition)
Publisher: Prentice Hall
Authors: Andrew S. Tanenbaum
Rating: 5/5
Customer opinion - 5 stars out of 5
Excellent !!!!!!!!!!


Every computer specialist should read it. It gives you the basic ideas about how a computer works inside.
The outline of the book is not very simple but the language is clear and the explanations complete.
Just read it !